search

LabZoneSK / labzone-gatsby

BSD Zero Clause License
2 stars 0 forks source link

[Snyk] Upgrade gatsby-plugin-robots-txt from 1.5.5 to 1.7.0 #117

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade gatsby-plugin-robots-txt from 1.5.5 to 1.7.0.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
npm:underscore.string:20170908		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-XSS-1584355		 375/1000
Why? CVSS 7.5		 No Known Exploit
Access Restriction Bypass
SNYK-JS-XMLHTTPREQUESTSSL-1255647		 375/1000
Why? CVSS 7.5		 Proof of Concept
Arbitrary Code Injection
SNYK-JS-XMLHTTPREQUESTSSL-1082936		 375/1000
Why? CVSS 7.5		 Proof of Concept
Improper Input Validation
SNYK-JS-URLPARSE-2407770		 375/1000
Why? CVSS 7.5		 No Known Exploit
Denial of Service (DoS)
SNYK-JS-TRIMNEWLINES-1298042		 375/1000
Why? CVSS 7.5		 No Known Exploit
Information Exposure
SNYK-JS-SIMPLEGET-2361683		 375/1000
Why? CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-OBJECTPATH-1585658		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-NORMALIZEURL-1296539		 375/1000
Why? CVSS 7.5		 No Known Exploit
Uncaught Exception
SNYK-JS-ENGINEIO-2336356		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 375/1000
Why? CVSS 7.5		 Proof of Concept
Authorization Bypass Through User-Controlled Key
SNYK-JS-URLPARSE-2412697		 375/1000
Why? CVSS 7.5		 Proof of Concept
Authorization Bypass
SNYK-JS-URLPARSE-2407759		 375/1000
Why? CVSS 7.5		 Proof of Concept
Access Restriction Bypass
SNYK-JS-URLPARSE-2401205		 375/1000
Why? CVSS 7.5		 Proof of Concept
Open Redirect
SNYK-JS-URLPARSE-1533425		 375/1000
Why? CVSS 7.5		 Proof of Concept
Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		 375/1000
Why? CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640		 375/1000
Why? CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595		 375/1000
Why? CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640		 375/1000
Why? CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595		 375/1000
Why? CVSS 7.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		 375/1000
Why? CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-OBJECTPATH-1569453		 375/1000
Why? CVSS 7.5		 No Known Exploit
Denial of Service
SNYK-JS-NODEFETCH-674311		 375/1000
Why? CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 375/1000
Why? CVSS 7.5		 Proof of Concept
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181		 375/1000
Why? CVSS 7.5		 Proof of Concept
Prototype Pollution
SNYK-JS-MINIMIST-2429795		 375/1000
Why? CVSS 7.5		 No Known Exploit
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346		 375/1000
Why? CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: gatsby-plugin-robots-txt from gatsby-plugin-robots-txt GitHub release notes
Commit messages
Package name: gatsby-plugin-robots-txt
  • 9f8b327 feat: use `fs` promise
  • 928e4ae chore: regenerate yarn lock file
  • 8b7f9d2 test: enable test
  • 057287c refactor: switch to `fs` promise (#549)
  • dc056bf docs: remove `appveyor` badge
  • 2ba5528 test: rename case
  • af69f24 chore(deps-dev): bump semantic-release from 18.0.0 to 18.0.1 (#533)
  • 78ac08c chore: fix `eslint`
  • 2bcf6b1 chore(deps-dev): bump eslint from 7.29.0 to 8.6.0 (#543)
  • 7ab50d7 chore(deps-dev): bump @ babel/plugin-transform-runtime (#544)
  • fc9cbbb chore(deps-dev): bump @ babel/preset-env from 7.16.0 to 7.16.8 (#545)
  • 2827459 chore(eslint): update config (#548)
  • efd8086 chore(deps-dev): bump eslint-plugin-markdown from 1.0.2 to 2.2.1 (#498)
  • 923d38d chore(deps): bump actions/setup-node from 2.4.1 to 2.5.1 (#540)
  • 0ebc9cd ci: add os matrix (#547)
  • a821e76 ci: add os matrix (#546)
  • 1d854b6 chore(deps-dev): bump memfs from 3.2.2 to 3.3.0 (#529)
  • cf52564 chore(deps-dev): bump @ babel/preset-env from 7.14.7 to 7.16.0 (#528)
  • a41eee6 chore(deps-dev): bump semantic-release from 17.4.4 to 18.0.0 (#524)
  • 4430050 chore(deps-dev): bump prettier from 2.3.2 to 2.4.1 (#526)
  • 4b4fd3a chore(deps): bump actions/setup-node from 2.1.5 to 2.4.1 (#527)
  • 09afbe7 chore(ci): bump node version (#523)
  • 236ed8a chore(deps): bump @ babel/runtime from 7.15.4 to 7.16.3 (#525)
  • d6c1acc chore(deps-dev): bump @ babel/cli from 7.14.5 to 7.16.0 (#519)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs